On Tue, 03 Mar 2015, Guertin, David S. wrote:
Can you show us your sssd.conf? When SSSD runs on IPA master it should
not use extdom (ipa_s2n_exop_send and friends) at all.


Sure, here's my sssd.conf:

[domain/csns.middlebury.edu]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = csns.middlebury.edu
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = ipa1.csns.middlebury.edu
chpass_provider = ipa
ipa_server = ipa1.csns.middlebury.edu
ldap_tls_cacert = /etc/ipa/ca.crt
subdomains_provider = ipa
debug_level = 10
[sssd]
services = nss, sudo, pam, ssh, pac
config_file_version = 2
debug_level = 5
domains = csns.middlebury.edu
[nss]
homedir_substring = /home
debug_level = 5
[pam]
debug_level = 10
[sudo]
debug_level = 5
[autofs]
debug_level = 5
[ssh]
debug_level = 5
[pac]
debug_level = 5
[ifp]
debug_level = 5
Ok, thanks.

I gather that you are running some version of RHEL 6.x (you never stated
your exact setup). What do you get with

wbinfo -m
wbinfo -i 'AD\user'

for some AD\user from active directory.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to